Pmnh

Researcher fromSynack Red Team
#13744of 53,624
19.6Total CVSS
Vulnerabilities · 2
Critical
2
PT-2022-12464
9.8
2022-05-24
Luxsoft · Luxcal Web Calendar · CVE-2021-45914
**Name of the Vulnerable Software and Affected Versions** LuxSoft LuxCal Web Calendar versions prior to 5.2.0 **Description** An unauthenticated attacker can manipulate a POST request, allowing the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. **Recommendations** For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue.
PT-2022-12465
9.8
2022-05-24
Luxsoft · Luxcal Web Calendar · CVE-2021-45915
**Name of the Vulnerable Software and Affected Versions** LuxSoft LuxCal Web Calendar versions prior to 5.2.0 **Description** The issue allows an unauthenticated attacker to manipulate a cookie value, enabling the attacker's session to be authenticated as any registered LuxCal user, including the site administrator. **Recommendations** For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue.